Fake "hack-back" offers are putting ransomware victims at further risk


Ransomware victims are being targeted by scammers looking to trick them out of even more of their hard-earned money, new research has claimed.

A report from Arctic Wolf describes at least two such incidents in which a person claiming to be an ethical hacker reached out to ransomware victims and offered to break into the ransomware operators’ infrastructure and permanently delete the stolen databases.

In one such instance, the hacker asked for roughly $190,000 in cryptocurrency (up to five bitcoin). Even though the victims were approached by people with different aliases, the researchers believe it’s actually the same individual in both attempts.

Too many coincidences

In one case, the company had fallen prey to Royal ransomware; in the other, to Akira. In the first instance, the fraudster presented themselves as “Ethical Side Group” and offered to return the data from the “TommyLeaks” gang, rather than from the actual hackers, Royal. What’s more, the fraudster didn’t seem to know that the negotiations between the victim and Royal had concluded back in 2022.

In the second incident, a fraudster using the alias “xanonymoux” reached out to a victim firm, offering to delete the data from Akira’s servers when, in reality, Akira never stole the data; it only encrypted it on the victim’s endpoints.

Finally, Arctic Wolf saw that the initial communications in both instances shared ten common phrases. Both scammers also used the same method to prove they had access to the stolen data. All of this led the researchers to believe that this was, in fact, the same individual.

Usually, when a ransomware operator targets a network, they not only encrypt the data, but also steal it and threaten to release it to the dark web, unless a payment is made. In fact, the data theft part is arguably more disruptive than the encryption part, as businesses have become better at restoring their systems from backups. A data leak, however, can cause irreparable damage.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
